About SAML Response Decoder

Decode Base64-encoded SAML responses into readable XML. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.

Use Cases

• Debugging SSO login failures by inspecting SAML assertions
• Verifying identity provider attribute mappings during integration
• Extracting user claims from SAML responses for troubleshooting
• Auditing SAML configuration during security compliance reviews

Tips

• Paste Base64-encoded SAML responses to decode the XML
• Inspect assertion attributes for correct user claim mapping
• Check the signature and certificate references for validity

Fun Facts

• SAML 2.0 was published in March 2005 by OASIS and remains the dominant SSO protocol in enterprise environments over 19 years later.
• A single SAML response can contain multiple assertions, each with different authentication contexts and attribute statements.
• Despite the rise of OpenID Connect, an estimated 60% of enterprise SSO implementations still rely on SAML as of 2024.

FAQ

What is SAML?

Security Assertion Markup Language — enterprise SSO standard. Used by Okta, Azure AD, Google Workspace for logging users into apps via IdP-issued assertions.

Is it still used?

Widely — SAML is the default SSO protocol in enterprise IT. OIDC (OAuth 2.0's auth layer) is newer but SAML has entrenched support.

What does the decoder show?

Base64-decoded and XML-formatted SAML response: Assertion, Subject, Attributes, Conditions, AuthnStatement. Everything an IdP sends to an SP.

Does it verify the signature?

No — signature verification needs the IdP's public cert and is best done by the consuming service. The decoder shows structure; your SSO library validates.